Disrupting the Disruptors: How to Use Machine Learning to Unseat Cyber Criminals

Mark Russinovich, CTO, Microsoft Azure, shares best practices for cloud-scale Machine Learning in cyber defense. He describes the properties of successful Machine Learning solutions: they are adaptable, explainable, actionable and successfully detected.

Algorithms need to be adaptable because security professionals constantly deploy changes and patches, and usage behavior changes daily. It is also well known that attackers evolve their tactics just as quickly as patches and updates occur. Russinovich goes through several case studies that explain and explore the components of a Machine Learning system, and how multiple iterations can classify subsets of data to produce successful Machine Learning algorithms.

The second case study explores how to detect malware for today, not yesterday. He closes with his "Attack Disruption Checklist" and encourages the industry to share best practices broadly.